prosody-modules
527c747711f3
mod_json_streams/strophe.jsonstreams.js

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

File

mod_json_streams/strophe.jsonstreams.js @ 5705:527c747711f3

mod_http_oauth2: Limit revocation to clients own tokens in strict mode RFC 7009 section 2.1 states: > The authorization server first validates the client credentials (in > case of a confidential client) and then verifies whether the token was > issued to the client making the revocation request. If this > validation fails, the request is refused and the client is informed of > the error by the authorization server as described below. The first part was already covered (in strict mode). This adds the later part using the hash of client_id recorded in 0860497152af It still seems weird to me that revoking a leaked token should not be allowed whoever might have discovered it, as that seems the responsible thing to do.
author Kim Alvefur <zash@zash.se>
date Sun, 29 Oct 2023 11:30:49 +0100
parent 1343:7dbde05b48a9
line wrap: on
line source


/* jsonstreams plugin
**
** This plugin upgrades Strophe to support XEP-0295: JSON Encodings for XMPP
**
*/

Strophe.addConnectionPlugin('jsonstreams', {
    init: function (conn) {

        var parseXMLString = function(xmlStr) {
			var xmlDoc = null;
			if (window.ActiveXObject) {
				xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
				xmlDoc.async=false;
				xmlDoc.loadXML(xmlStr);
			} else {
				var parser = new DOMParser();
				xmlDoc = parser.parseFromString(xmlStr, "text/xml");
			}
			return xmlDoc;
        }

        // replace Strophe.Request._newXHR with new jsonstreams version
        // if JSON is detected
        if (window.JSON) {
        	var _newXHR = Strophe.Request.prototype._newXHR;
            Strophe.Request.prototype._newXHR = function () {
            	var _xhr = _newXHR.apply(this, arguments);
                var xhr = {
                	readyState: 0,
                	responseText: null,
                	responseXML: null,
                	status: null,
                	open: function(a, b, c) { return _xhr.open(a, b, c) },
                	abort: function() { _xhr.abort(); },
                	send: function(data) {
                		data = JSON.stringify({"s":data});
                		return _xhr.send(data);
                	}
                };
                var req = this;
                xhr.onreadystatechange = this.func.bind(null, this);
                _xhr.onreadystatechange = function() {
                	xhr.readyState = _xhr.readyState;
                	if (xhr.readyState != 4) {
                		xhr.status = 0;
                		xhr.responseText = "";
                		xhr.responseXML = null;
                	} else {
	                	xhr.status = _xhr.status;
	               		xhr.responseText = _xhr.responseText;
	               		xhr.responseXML = _xhr.responseXML;
	                	if (_xhr.responseText && !(_xhr.responseXML
	                			&& _xhr.responseXML.documentElement
	                			&& _xhr.responseXML.documentElement.tagName != "parsererror")) {
	                		var data = JSON.parse(_xhr.responseText);
	                		if (data && data.s) {
	                			xhr.responseText = data.s;
	                			xhr.responseXML = parseXMLString(data.s);
	                		}
	                	}
	                }
                	if ("function" == typeof xhr.onreadystatechange) { xhr.onreadystatechange(req); }
                }
                return xhr;
            };
        } else {
            Strophe.error("jsonstreams plugin loaded, but JSON not found." +
                          "  Falling back to native XHR implementation.");
        }
    }
});